Parties
DRACL has 4 main parties:
- Producer - publishes resources and controls access
- Consumer - fetches resources and is granted access
- Service - hosts resources and relies on DRACL for access control
- Authentication Agent - Acts as a user's (producer or consumer) address book, provides an interface to manage access, stores keys, etc.
The authentication agent acts as a middleman for facilitating access control checks but must not have access to the resources itself.
- SHOULD be online most of the time.
- MAY know a producer's associations.
- MUST NOT be able to access it's users' resources.
The service serves the resources and relies on DRACL for access control. While it must be able to check access, it must not be able to identify users based on this protocol (excluding side channels).
- MUST be online (nb).
- MUST be able to authenticate resource access.
- MUST NOT be able to know a user's associations.
- MUST NOT be able to access other resources.
- MUST NOT be able to group independent resources by consumer (given no additional information).
The producer publishes resources to services and controls his or her resource's the ACL.
- MUST be able to grant access to his or her resources.
- MAY be able to revoke access to his or her resources.
- SHOULD be able to add members to his or her groups.
- SHOULD be able to remove members from his or her groups.
The consumer accesses resources served by services by proving that he or she is in an ACL.
- MUST NOT be able to prove membership in an ACL of which he or she is not a member.
- MUST NOT be able to learn the members of an ACL (excluding collusion).
- MAY be able to transfer group memberships.
- MUST NOT be able to modify another producer's ACL.